[Date Prev][Date Next]
Re: ldap_bind: Can't contact LDAP server(multithreaded ldap client)
On Mon, 2 Jun 2008, Rakesh Yadav wrote:
I have written a library using LDAP client API's according to my
requirement. I m having RPC clients and a RPC server. This RPC server is
multithreaded and uses the library which is written using LDAP client
The problem is :
1. I have open a single connection with LDAP server and passed the
global LDAP * ptr to all my library calls, And i sended a search
request from rpc client in a loop, it works and gives the result but
as i run second request for reading data from rpc server then i get
error from LDAP server "*Broken pipe*".
With libldap, LDAP handles do not support concurrent use. You can use a
given handle from multiple threads, but only by one at a time.
Now, libldap_r does support concurrent LDAP handle use in multiple
threads, but the processing of replies is effectively single-threaded: if
N threads are waiting in ldap_result() for particular responses, none will
return until the response is received that is needed by the first thread
to call ldap_result(). This is probably not the behavior you want.
2. Then i have decided i will use seprate connection with LDAP for each
thread and use a local LDAP *ptr for thread. This time multiple
requests from rpc client works for 2-3 minutes after that it also
gives error. "*ldap_bind :Can't contact LDAP server*"
In this case i opened and closed a connection with LDAP server for
That's the method I recommend. There are two things you need to ensure:
1) you must compile libldap with whatever compiler flags are needed to
make the code thread-safe, such as using the per-thread errno.
2) if using TLS/SSL (whether via ldaps or StartTLS), then you need to
compile your SSL library to be thread-safe *and* make whatever
setup calls are necessary
For example, with OpenSSL you need to call CRYPTO_set_locking_callback()
and probably CRYPTO_set_id_callback() too. You may also need to call the
CRYPTO_set_dynlock_*_callback() functions; the OpenSSL docs aren't very
clear on the subject...